DID Authentication (DID Auth) is the mechanism by which an entity can cryptographically prove that they are associated with a DID and DID Description.

Authentication is separate from Authorization because an entity may wish to enable other entities to update the DID Document, for example, to assist with key recovery without enabling them to prove ownership (and thus be able to impersonate the entity.

{
"@context": "https://w3id.org/did/v1",
"id": "did:example:123456789abcdefghi",
...
"authentication": [{
// this key can be used to authenticate as DID ...fghi
"type": "RsaSignatureAuthentication2018",
"publicKey": "did:example:123456789abcdefghi#keys-1"
}, {
// this key can be used to authenticate as DID ...fghi
"type": "PseudonymousBiometricAuthentication2018",
"biometricTemplate": "did:example:123456789abcdefghi#bio-1"
}],
...